id,summary,reporter,owner,description,type,status,priority,milestone,component,version,severity,resolution,keywords,cc,actualpoints,parent,points,reviewer,sponsor
23574,Don't allow text injection in our 404 page,gk,hiro,"We got a report on HackerOne by sumitthehacker:
{{{
i want to report a text injection and a misconfiguration of the 404 page
the bug exists at :
https://www.torproject.org/test/%2f../It%20has%20been%20changed%20by%20a%20new%20one%20https://www.Attacker.com%20so%20go%20to%20the%20new%20one%20since%20this%20one
as you can see attacker text is included
""It has been changed by a new one https://www.attacker.com so go to the new one since this one was not found on this server.""
}}}",defect,accepted,Medium,,Internal Services/Tor Sysadmin Team,,Normal,,,,,,,,